Yet again, another batch of software vulnerabilities affecting a very significant company has been discovered by security researchers. The software vulnerabilities have been found in Aruba Networks’ ArubaOS product. Fortunately, the issue has been patched however systems that are unpatched to the latest security fix detailed in the next sections are vulnerable to complete system compromise.
Who Are Aruba Networks?
Aruba Networks are a global leader in wireless, wired, and SD-WAN solutions that utilize artificial intelligence to automate and secure networks from edge to cloud. According to their official website, Aruba Networks provide the following products and solutions; wireless products, switches, SD-WAN, security threat management, Aruba ESP (Edge Services Platform), and much more. Hewlett Packard Enterprise owned Aruba Networks is based in California, U.S., and is a multi-billion dollar company that employees over 6000 people.
More About The Software Vulnerabilities
On August 31st, 2021 an official report belonging to the Aruba Product Security Advisory was released. The report reveals that multiple vulnerabilities were discovered mainly affecting the Aruba operating system. There are a total of 10 vulnerabilities reported, among which a few are worthy of special attention, especially a particular critical vulnerability. One of these vulnerabilities is classified as critical, while the others range between high and medium severity.
Technical Details
As far as the critical vulnerability is concerned, the technical details gathered in the report state that the type of this vulnerability is a buffer overflow in the PAPI protocol. This vulnerability, marked with CVE ID code 2021-37716, allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error when processing PAPI packets. A remote attacker can send a specially crafted PAPI packet to port 8211/UDP, trigger memory corruption and execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in a complete compromise of a vulnerable system.
Vulnerable Software Versions
It is crucial that ArubaOS (Operating System) users are informed about the software versions that are currently vulnerable to the software vulnerability and can be potentially compromised by a remote attacker;
ArubaOS 8.3.0.x: 8.3.0.14 and below ArubaOS 8.5.0.x: 8.5.0.11 and below ArubaOS 8.6.0.x: 8.6.0.7 and below ArubaOS 8.7.x.x: 8.7.1.1 and below SD-WAN-2.2.x.x: 8.6.0.4-2.2.0.3 and below
Important User Information
The following is extremely important information for users of the vulnerable ArubaOS versions listed in the above section. As of now, this software vulnerability has been confirmed as patched (fixed). As per the official report, Aruba Networks is unaware that any of these vulnerabilities have been exploited as of yet. Users must update to the latest software version to mitigate the issue, listed below;
ArubaOS 8.3.0.x: 8.3.0.15 and above ArubaOS 8.5.0.x: 8.5.0.12 and above ArubaOS 8.6.0.x: 8.6.0.8 and above ArubaOS 8.7.x.x: 8.7.1.2 and above ArubaOS 8.8.0.x: 8.8.0.0 and above SD-WAN-2.2.x.x: 8.6.0.4-2.2.0.4 and above SD-WAN-2.3.x.x: 8.7.0.0-2.3.0.0 and above
Note: The operating system should automatically notify users to update. Alternatively, a manual update should be applied according to the information in the vulnerability report.